Posts Tagged ‘GCSB’

Cyberwar comes to New Zealand.

datePosted on 12:23, June 10th, 2015 by Pablo

News that Chinese hackers obtained personal details of 4 million US federal employees dating to 1985, following on the heels of similar attacks on the customer records of private insurance companies and retirement funds as well as the internal email networks of the US State Department and White House, demonstrate that a guerrilla cyber-war is underway. Although it will not replace traditional warfare any time soon, this is the new face of war for several reasons.

First, it does not involve physical conflict using kinetic weapons, which removes direct bloodletting from the equation. Second, it can target critical infrastructure (power grids, water supplies) as well as the command, control, communications, computing and intelligence (C4I) capabilities of adversaries. Third, it can be masked so that perpetrators can claim a measure of plausible deniability or at least intellectual distance from the action. Fourth, it can be used for tactical and strategic purposes and the pursuit of short or long-term objectives.

Much like military drones, cyberwar is here to stay.

The war is not one sided: Russian hackers have penetrated Pentagon email networks and the 5 Eyes signals intelligence alliance has dedicated hacking cells working 24/7 on targets of opportunity. Many other nations also indulge in the practice as far as their technological capabilities allow them. To these can be added a host of non-state actors—Wikileaks, Anonymous, ISIS, among others—who have also developed the capability to engage in electronic espionage, sabotage, data capture and theft.

With the most recent revelations about the hacks on the US Office of Personnel Management (OPM) archival records (which include personal details of active and retired federal employees as well as identities of those who have had or hold security clearances, perhaps including myself given my prior employment by the Department of Defense) an evolution in cyber warfare is now evident.

Previously, most state-sanctioned cyber attacks were so-called “front door” attacks on government or corporate mainframes, servers and networks. The interest was in surreptitiously obtaining sensitive data or installing surveillance devices in order to engage in ongoing monitoring of targeted entities. “Back door” probes and attacks were the province of non-state actors, especially criminal organisations, seeking to obtain private information of individuals and groups for fraudulent use. However, the recent attacks have been of the “back door” variety yet purportedly state sanctioned, and the Snowden leaks have revealed that 5 Eyes targets the personal communications of government officials, diplomats, military officials and corporate managers as a matter of course.

The move to state-sponsored “back door” hacks is ominous. Accessing data about current and retired government employees can be used to blackmail those suffering personal liabilities (debt, infidelity) in order to obtain sensitive information about government processes, procedures, protocols and policy. It can target active and former intelligence and military officials and others with access to classified information. It can target former public officials that have moved to the private sector, particularly in fields of strategic or commercial importance. Likewise, obtaining sensitive personal data of employees working in private firms opens the door to similar exploitation for illicit commercial gain.

Advances in consumer telecommunications have made cyber hacking easier. Smart phones and their applications are considered to be the most vulnerable to hacking. Because many people store an enormous amount of personal data on these devices, and because they often mix work and personal business on them, they represent an enticing entry point when targeted. Yet even knowing this millions of consumers continue to pack their lives into electronic devices, treating them more as secure bank vaults rather than as windows on their deepest secrets. Not surprisingly, both state and non-state actors have embarked on concerted efforts to penetrate mobile networks and hand-held devices. Encryption, while a useful defense against less capable hackers, only slows down but does not stop the probes of technologically sophisticated hackers such as those in the employ of a number of states.

The bottom line is this: the smaller the telecommunications market, the easier it is for cyber hackers to successfully place backdoor “bugs” into the network and targets within it, especially if government and corporate resources are directed towards defending against “front door” attacks. On the bright side, it is easier to defend against attacks in a smaller market if governments, firms, service providers and consumers work to provide a common defense against both “front door” and “back door” hacking.

The implications for New Zealand are significant.

In this new battleground physical distance cannot insulate New Zealand from foreign attack because cyber-war knows no territorial boundaries. New Zealand provides an inviting target because not only is an integral and active member of Western espionage networks, it also has proprietary technologies and intellectual property in strategic sectors of its trade-dependent economy (including niche defense-related firms) that are of interest to others. Because New Zealand’s corporate, academic and public service elites are relatively small and the overlap between them quite extensive, hacks on their personal data are a valuable tool of those who wish to use them for untoward purposes.

New Zealand public agencies and private firms have been relatively slow to react to the threat of cyber warfare. The data they hold on their employees, managers, policy elites and general population is an inviting “back door” for determined hackers seeking to exploit vulnerabilities in New Zealand’s cyber networks. Since many Kiwis are lax about separating their work and private electronic correspondence and records, the potential to access sensitive personal information is high.

New Zealand has been the subject of numerous “front door” cyber attacks and probes on public and private agencies, including an attack by Chinese-based hackers on the NIWA supercomputer carried out in concert with a similar attack by the same source on the supercomputer run by the US National Oceanographic and Atmospheric Administration (NIWA’s US counterpart). New Zealanders have been the targets of numerous “back door” intrusions such as phishing and other scams perpetrated by fraudsters and conmen. Yet successive governments have been slow to recognize the new threat advancing towards it in the cyber-sphere, only recently creating dedicated cyber security cells within the intelligence community and just last year amending the GCSB Act to address vulnerabilities in domestic internet security. But it still may not be enough.

Until New Zealand resolves the problem of institutional lag (that is, the time gap between the emergence of a technologically-driven threat and an institutional response on the part of those agencies responsible for defending against it), there is reason to be concerned for the security of private data stored in it. After all, in the age of cyberwar there is no such thing as a benign strategic environment.

Crowdsourcing opportunity: The 5th Eye.

datePosted on 14:13, June 4th, 2015 by Pablo

I had the opportunity some time go to be interviewed by the one of the director/producers of the documentary “Operation 8” for a forthcoming film about the GCSB and its role in the 5 Eyes signal intelligence network. These good people are part of the grassroots network that attempts to keep those in power accountable to the folk they supposedly serve, and while I may not agree with them on a number of issues I have no doubts about their sincerity, commitment and interest in the common good.

In order to finish the new documentary, titled “The 5th Eye,”  there is a crowdsourcing effort underway that is well worth supporting. The details are here. Besides information about donating, there is a short video trailer included on the page as well as updates and other valuable information. By all means check it out and help this film on its way to fruition.

If you support truly independent film-making in Aotearoa, this is an excellent opportunity to not only talk the talk, but to walk the walk.

Spy Fatigue.

datePosted on 11:20, April 9th, 2015 by Pablo

The slow drip feed of classified NSA material taken by Edward Snowden and published by journalists Glen Greenwald, Nicky Hager, David Fisher and others in outlets such as The Intercept and New Zealand Herald caused a stir when first published. Revelations of mass surveillance and bulk collection of telephone and email data of ordinary citizens in the 5 Eyes democracies and detailed accounts of how the NSA and its companion signals intelligence agencies in Australia, Canada, New Zealand and the UK spy on friend and foe alike, including trade partners and the personal telephones of the German prime minister and Indonesian president, caused both popular and diplomatic uproars. In New Zealand the outrage was accentuated by revelations about the illegal GCSB spying on Kim Dotcom and the government’s extension of its spying powers even after it was found to have operated outside its legal charter in other instances as well.

But now it seems that public interest in the issue has faded rather than grown. Revelations that the GCSB spies on Pacific island states such as Fiji, Samoa and Tonga as well as Pacific French territories, followed by news that it spied on candidates for the World Trade Organisation presidency on behalf of Trade Minister Tim Groser (himself a candidate), has been met not with street demonstrations and popular protests but by a collective yawn by the public at large.

Why is this so?

It appears that the New Zealand public is weary of the death by a thousand cuts approach used by Mr. Hager and his investigative colleagues. Beyond the usual array of diversions presented by popular culture and media, the reason for this disinterest seems to lie in the fact that the information released to date is seen as trivial, uncontroversial and tediously never-ending. Take for example the reaction to the news that the UK spied on Argentina after the Falklands/Malvinas War and carried on until 2011. Numerous pundits asked whether that is surprising. What is the UK expected to do when Argentina remains hostile to it and has never renounced its territorial claims over the islands? Similarly, others have pointed out that since New Zealand is utterly trade dependent, why not try to advance Mr. Groser’s candidacy for the WTO job using surreptitious as well as diplomatic means? Likewise, is it news that Australia and New Zealand spy on small Pacific neighbours who depend on them for a significant amount of foreign aid and are being courted by the Chinese? Why not given the levels of corruption and intrigue present in the region?

This does not mean that there are no constitutional, diplomatic, security and trade concerns raised by the Snowden leaks coming into the public domain. My belief is that there is much to be alarmed about in the Snowden files and they should serve as a catalyst or window of opportunity for a thorough review of the NZ intelligence community and perhaps even a renegotiation of the terms and conditions of its participation in Anglophone intelligence networks.

But the way in which it has been presented to New Zealand audiences has induced fatigue rather than fervour. Add to that the government’s strategy of obfuscation, denial and attacking the motives, ethics and character of the journalistic messengers, and the result is a jaded public with little interest in spies or what they do and whom they do it to. Cast against a backdrop in which personal data and private information is already bulk accessed by private firms and a host of social media platforms with profit-maximising in mind, the general attitude seems to be one of unconcern about what the guardians of the public interest are doing in that regard. In such a climate the old Nazi refrain “you have nothing to fear if you have nothing to hide” resonates quite well.

Unless Mr. Greenwald, Mr. Hager and their colleagues have bombshells that they have yet to drop, it appears that like Mr. Dotcom’s much-hyped “Moment of Truth” last year, their efforts have fizzled rather than fired. For the sake of their credibility as well as the public good, it is time for them to stand up and deliver something of significance that transcends the Wellington beltway or if not, to walk away.

Should Mr. Hager and company opt to deliver a bombshell, they need to consider one more thing: what good purpose is served by revealing the foreign espionage activities of New Zealand and its closest intelligence partners? Even if it uncovers myriad spying efforts that have nothing to do with national security (and terrorism, that old canard), will it advance the cause of transparency and selectivity in intelligence operations and make some governments more responsive to public concerns about privacy? Will it curtail spying by the 5 Eyes partners or any other nation? Will it encourage whistleblowing on illegal government surveillance? Will it advance New Zealand’s interests in the world or force a reconsideration of its relationship with its security partners?

Or will it simply damage New Zealand’s reputation and relations with the countries that have been spied on?  Given that New Zealand is the most vulnerable of the 5 Eyes partners and is, indeed, almost totally trade dependent, the negative consequences of any potential backlash or retaliation by aggrieved states could be significant.

That is why the issue is important. The thrust of the most recent revelations have moved beyond domestic mass surveillance and into the realm of traditional inter-state espionage, which is not confined to the activities of the 5 Eyes partners and is an integral, if unspoken necessary evil of international relations. Given that the focus of the Snowden material is solely on 5 Eyes spying and not on its counterespionage efforts or the intelligence operations of other states, could it not seem to the general public to be a bit one-sided and deliberately injurious to continue to unveil only what NZ and its partners undertake by way of signals intelligence collection (as some in government and supportive of it have insinuated)?

In the end, will ongoing revelations about New Zealand foreign espionage serve the public interest and common good? Or will it have the opposite effect?

And will average Kiwis care either way?

 

A short version of this essay appeared in the New Zealand Herald, April 10, 2015.

In recent days there have been claims that there has been both more and less spying by New Zealand intelligence agencies. Proponents and opponents of the intelligence community have seized on one or the other claim to argue in favour or against NZ’s involvement in the 5 Eyes signals intelligence network and the expansion of powers awarded the NZ intelligence community under amendments to various security Acts during the past few years. Given that there is a forthcoming parliamentary review of the NZ intelligence community, it is worth cutting to the gist of the issue of “balance” between civil liberties and intelligence operations.

Monitoring and intercept technologies available to signals and technical intelligence agencies today are superior to those of ten years ago, especially in the field of telecommunications. This allows signals and technical intelligence agencies to do much more than was possible before, something that legal frameworks governing signals and technical intelligence collection have had difficulty keeping pace with. It would therefore seemingly defy credulity to claim that that spy agencies are doing less spying now than in the past, especially given what is known about the 5 Eyes network from the Snowden documents currently being introduced into the public domain.

But perhaps there is a way to reconcile the opposing claims. Can spy agencies actually be doing less with more?

The assertion that there is less spying by NZ intelligence agencies now than seven years ago can be reconciled with the recently released GCSB annual report stating otherwise by understanding that under the intelligence community’s interpretation, “mass collection” is not equivalent to “mass surveillance.” Although the 5 Eyes and other national signals intelligence agencies use systems like PRISM to grab as much meta-data as possible as it passes through nodal points, that data has to be mined using systems like XKEYSCORE to obtain collectable information. Bulk “hovering” of all telecommunications in specific geographic or subject areas by agencies like the GCSB still has to be searched and analysed for it to become actionable intelligence. That is where the use of key words and phrases comes in, and these are not just of the usual “jihad” or “al-Qaeda” variety (since the bulk of intelligence collection is not focused on terrorism).

Although the GCSB may be doing more bulk collection of electronic data, it claims to be analysing proportionately less of what is collected than during the last year of the Fifth Labour government. So it is doing less with more. But a fundamental problem remains when it comes to intercepting telecommunications in democracies.

That problem is that whether it is analysed or not, mass collection of so-called meta-data of everyone’s personal and professional telecommunications presumably violates the democratic right to privacy as well as the presumption of innocence because it is obtained without there being a particular suspicion or specific reason for its collection (much less a warrant for its collection). Bulk intercepts can then be data-mined after the fact using classified search vehicles in order to build a case against individuals or groups.

That runs against basic tenets of democratic jurisprudence. Moreover, indefinite storing of meta-data that has not been analysed but which could be in the future in the event target (and key word) priorities change is something that is the subject of legal argument at this very moment.

There are therefore fundamental principles of democratic governance at stake in the very collection of meta-data, and these cannot be easily set aside just because the threat of terrorism is used as a justification. The issue is constitutional and needs to be resolved before the issue of “balance” can effectively be addressed.

However, for the sake of argument let’s accept that bulk collection is not mass surveillance and that the former is legal. How does one balance civil liberties and security under such circumstances?

The implementation of balance under such conditions starts at the point where data mining begins. What are the key phrases and words that identify targets for closer scrutiny? What are legitimate targets and what are not? Some search terms may be easy to understand and broadly accepted as necessary filters for the acquisition of more precise information about threats. Others might be more controversial and not widely accepted (say, “opposition leader sex life” or “anti-TPPA protest leaders”).

That is where the issue of effective intelligence oversight comes into play and on that score NZ is sorely wanting. There have been some cosmetic changes in the workings of and a slight extension of the powers of the Inspector General of Intelligence and Security, and the process of issuing domestic security warrants made more robust with the participation of the Commissioner of Security Warrants. Yet any honest assessment of the oversight mechanisms of the NZ intelligence community will show that they are inadequate when it comes to providing effective and transparent proactive as well as retroactive oversight and review of our intelligence community’s activities given the range and scope of the latter.

These mechanisms are fewer and less effective than those of most liberal democracies (including our 5 Eyes partners), which means that NZ’s intelligence partners may well ask it to do things that they cannot do themselves due to the restrictions imposed by their own oversight mechanisms. That possibility should be of concern and needs to be addressed. Relying on the good faith of NZ intelligence agencies involved is not enough, especially given their history of playing loose with the rules when it suits them.

Therein lies the core problem with regard to balancing civil liberties and intelligence operations. If there is effective intelligence oversight before the fact (“proactive” in the sense that oversight mechanisms dictate was is permissible data-mining before it occurs) as well as after the fact (“retroactive” in the sense that oversight mechanisms hold intelligence officials to account for their use of bulk collection and data-mining), then balance can be achieved. However, if such effective oversight is lacking–again, both proactive and retroactive in nature–then the “balance” will be skewed heavily in favour of unaccountable intelligence collection and usage. That is not acceptable in a democracy but is in fact the situation at present in New Zealand.

Then there are the issues of how national security is defined and what role intelligence agencies play in its defense, on whose behalf NZ intelligence agencies engage in espionage, and with who the intelligence obtained by human, signals and technical means is shared. This matters because trying to achieve balance between civil liberties and intelligence operations without addressing the larger context in which the latter occur is much like putting the cart before the horse.

EveningReport.nz is a new NZ-based online media outlet that among other valuable things offers in-depth interviews on matters of public interest.  As such t is a welcome addition and antidote to corporate media soundbites and frivolities.

I was fortunate to feature in one such interview (there is also one by Nicky Hager), which explores the latest revelations that the GCSB does a heck of a lot of spying on New Zealand’s friends and partners as well as on so-called rogue states, and it does much of this on behalf of the the US and other Five Eyes partners rather than as a matter of national security. The ramifications of the revelations about NZ’s role in 5 Eyes are one subject of the discussion, but there are other items of interest as well.

The discussion, hosted by Selwyn Manning, can be found here.

So much for intelligence community reform.

datePosted on 18:36, February 17th, 2015 by Pablo

It turns out that nearly 5 months after getting re-elected, the government has decided on the composition of the Intelligence and Security Committee (ISC). Besides himself as Chair of the ISC, the Prime Minister gets to select two members from the government parties and the Opposition Leader gets to select one member from opposition parties.  In both cases the respective Leaders are expected under Section 7 (1) (c,d) of the 1996 Intelligence and Security Committee Act to consult with the other parties on their side of the aisle before selecting the remaining members of the committee. The language of the Act is quite specific: “c) 2 members of the House of Representatives nominated for the purpose by the Prime Minister following consultation with the leader of each party in Government: (d) 1 member of the House of Representatives nominated for the purpose by the Leader of the Opposition, with the agreement of the Prime Minister, following consultation with the leader of each party that is not in Government or in coalition with a Government party.” (1996 ISCA, pp. 6-7).

Not surprisingly the government has nominated two National MPs, Attorney General Chris Finlayson and Justice Minister Amy Adams, for membership on the ISC. It is not clear if ACT, the Maori Party and United Future were consulted before their selection. What is more surprising is that Andrew Little nominated David Shearer and did not consult with opposition parties before making his selection. While Shearer is a person with considerable international experience and has been a consumer of intelligence (as opposed to a practitioner) during his career, Mr. Little has been neither. In fact, it can be argued that Mr. Little has the least experience of all the proposed members when it comes to issues of intelligence and security, which means that he will have to lean very heavily on Mr. Shearer if he is not not be overmatched within the ISC.

Moreover, in past years Russell Norman, Peter Dunne and Winston Peters have been on the ISC, so the move to re-centralise parliamentary oversight in the two major parties represents a regression away from the democratisation of representation in that oversight role. Since these two parties have been in government during some of the more egregious acts of recent intelligence agency misbehaviour (for example, the Zaoui case, where intelligence was manipulated by the SIS to build a case against him at the behest of or in collusion with the 5th Labour government, and the case of the illegal surveillance of Kim Dotcom and his associates by the GCSB in collusion or at the behest of the US government under National, to say nothing of the ongoing data mining obtained via mass electronic trawling under both governments), this does not portend well for the upcoming review of the New Zealand intelligence community that this ISC is charged with undertaking.

The Greens have expressed their disgust at being excluded and have, righty in my opinion, pointed out that they are the only past members of the ISC that have taken a critical look at the way intelligence is obtained, analysed and used in New Zealand. But that appears to be exactly why they were excluded. According to John Key,  Labour’s decision was “the right call” and he “totally supports it.” More tellingly, Mr. Key said the following: “A range of opposition voices from the minor parties could railroad the process. I don’t think the committee was terribly constructive over the last few years, I think it was used less as a way of constructing the right outcomes for legislation, and more as a sort of political battleground” (my emphasis added).

In other words, Russell Norman took his membership on the ISC seriously and did not just follow along and play ball when it came to expanding state powers of search and surveillance under the Search and Surveillance Act of 2012 and GCSB Act of 2014.

That is a very big concern. Mr. Key believes that the “right” outcomes (which have had the effect of expanding state espionage powers while limiting its accountability or the institutional checks imposed on it) need to be produced by the ISC when it comes to the legal framework governing the intelligence community. Those who would oppose such outcomes are not suitable for membership, a view with which Andrew Little seems to agree.

This is so profoundly an undemocratic view on how intelligence oversight should work that I am at a loss for words to  explain how it could come from the mouth of a Prime Minister in a liberal democracy and be tacitly seconded by the Leader of the Opposition–unless they have genuine contempt for democracy. That is a trait that W. Bush, Tony Blair and John Howard shared as well, but what does that say about the state of New Zealand democracy?

Mr. Little has given his reason to exclude Metiria Turei of the Greens from ISC membership as being due to the fact the Mr. Norman is stepping down in May and Mr. Little wanted “skills, understanding and experience” in that ISC position. Besides insulting Ms. Turei (who has been in parliament for a fair while and co-Leader of the Greens for 5 years), he also gave the flick to Mr. Peters, presumably because that old dog does not heel too well. As for Mr. Dunne, well, loose lips have sunk his ship when it comes to such matters.

The bottom line is that Mr. Little supports Mr. Key’s undemocratic approach to intelligence oversight. Worse yet, it is these two men who will lead the review of the NZ intelligence community and propose reform to it, presumably in light of the debacles of the last few years and the eventual revelations about NZ espionage derived from the Snowden files.

As I said last year in the built-up to the vote on the GCSB Amendment Act,  I doubted very much that for all its rhetorical calls for an honest and thorough review process that led to significant reform, Labour would in fact do very little to change the system as given because when it is in government it pretty much acts very similar to National when it comes to intelligence and security. If anything, the differences between the two parties in this field are more stylistic than substantive.

What I could not have foreseen was that Labour would drop all pretence of bringing a critical mindset to the review and instead join National in a move to limit the amount of internal debate allowable within the ISC at a time when it finally had an important task to undertake (in the form of the intelligence community review).

As a result, no matter how many public submissions are made, or how many experts, interest groups and laypeople appear before the ISC hearings, and how much media coverage is given to them, I fear that the end result will be more of the same: some cosmetic changes along the margins, some organisational shuffles and regroupings in the name of streamlining information flows, reducing waste and eliminating duplication of functions in order to promote bureaucratic efficiency, and very little in the way of real change in the NZ intelligence community, especially in the areas of oversight and accountability.

From now on it is all about going through the motions and giving the appearance of undertaking a serious review within the ISC. For lack of a better word, let’s call this the PRISM approach to intelligence community reform.

LINK: The Intelligence and Security Committee Act 1996.

Some years ago I ran afoul of the 5th Labour government because I speculated in public that some of our diplomatic personnel and embassies might double up as intelligence collectors. This was in reference to the Zaoui case and the role played by then SIS Director Richard Woods, who had been ambassador to France and Algeria at the time Zaoui went into exile in France from Algeria. Woods claimed that he had never heard of Zaoui until the latter arrived seeking refuge in New Zealand, and that he had never been to Algeria during his entire time as ambassador to that country. I found that a bit hard to believe on both counts and wondered aloud if, to maximise efficiencies given small budgets and manpower, Woods and others worked a bit beyond their official credentials.

The fact that embassies serve as intelligence collection points is not surprising or controversial. After all, it is not all about diplomatic receptions and garden parties. Nor should it have been entirely surprising that the possibility existed that some NZ diplomats held “official cover” as intelligence agents. That is, they were credentialed to a specific diplomatic post, held diplomatic passports and immunity based on those credentials, but were tasked to do more than what their credentials specified (for example, a trade or diplomatic attache working as a liaison with dissident or opposition groups or serving as a handler for a foreign official leaking official secrets). Rather than scandalous, this is a common albeit unmentioned aspect of human intelligence gathering and my assumption was and is that NZ is no different in that regard.

Prime Minister Helen Clark erupted with fury at my comments, saying that I was unworthy of my (then) academic job. I received a scathing letter from the then State Services Commissioner saying that I put New Zealand diplomats in danger. Most interestingly, I received a phone call at home from someone who claimed to be with the then External Assessments Bureau (now National Assessments Bureau) repeating the claim that I was putting lives in danger and suggesting that I should desist from further speculation along those lines (although he never refuted my speculation when I asked him if I was wrong).

Given that background, it was not surprising but a wee bit heartening to read that the Snowden leaks show that NZ embassies are used by the Five Eyes network as tactical signals intelligence collection points. That is, the embassies contain dedicated GCSB units that engage in signals gathering using focused means. This is different and more localised targeting than the type of signals collection done by 5 eyes stations such as Waihopai.

There is much more to come, but for a good brief and link to the original article on this particular subject, have a wander over to No Right Turn.

Double Trouble.

datePosted on 13:03, September 15th, 2014 by Pablo

Glenn Greenwald’s arrival in NZ has reignited controversy over who, exactly, the GCSB spies on, how it does so, and for whom it does so. Tonight he will outline what he has gleaned from the Snowden leaks, and I have no doubts that what is revealed will be of serious consequence. The impact will be twofold.

So far, most attention has focused on the domestic side of the equation, in the form of claims that the GCSB, in concert with its 5 Eyes partners, conducts mass surveillance of New Zealand citizens and residents. The way it does so is to tap into the broadband infrastructure in order to extract so-called “metadata,” that is, the key identifiers of cyber messages such as time, sender, internet addresses and geographic locations of those communicating, etc. This information is stored and later subject to data mining from technologies like X Keyscore, which searches for keywords and phrases that can justify opening the metadata in order to reveal the contents of the messages identified by the data-mining technologies.

In simple terms, it is like going to people’s postboxes and recording all of the identifying features of their mail without opening the mail itself unless key identifiers allow the government to do so.

The government maintains that a) it does not collect metadata on New Zealanders and NZ permanent residents; and b) that collecting metadata is not equivalent to mass surveillance in any event since the contents of the messages from which metadata is extracted are not accessed unless there are reasons of national security to do so, and this occurs only in a handful of instances.

The reality is that because of a gentleman’s agreement between the 5 Eyes partners, metadata of the citizens of one partner state is accessed and collected by one or more of the other partners and only sent to the originating state if data-mining indicates that there is reason to open the contents of specific metadata “packages” concerning citizens or residents of that state. In this way the originating state government can claim that it is not engaged in mass surveillance of its own citizens or residents.

That may be parsing the meaning of “mass surveillance” beyond useful construction, but it does allow the government to deny that it conducts such mass surveillance on technical grounds–i.e., metadata is not the same as a private communication because it has no content.

The problem with such specious reasoning is that it violates two foundational tenets of liberal democracy: the right to privacy and the presumption of innocence. If it is considered an untoward invasion of privacy for the government or others to systematically rifle through and record the identifying features of correspondence in people’s mail boxes, then it is equally a violation of  citizen’s rights to privacy for the government to electronically collect and store their cyber metadata.

Moreover, the mass collection and sharing of metadata by 5 Eyes intelligence agencies violates the presumption of innocence that citizens of democracies are supposedly entitled to. That is because the metadata is collected without cause. The government does not have a specific reason, suspicion or motive for collecting metadata, it just does so because it can under the aegis of “national security.” It then subjects this metadata to data-mining in order to find cause to conduct more intrusive searches of the contents.  It is, in effect, trawling through everyone’s cyber communications in order identify and presumably counter the nefarious behaviour or plans of some individuals, groups or agencies.

This strikes at the heart of democracy. Yet the remedy is fairly simple. Under legal challenge the government can be forced to show cause for the collection of metadata of its citizens and residents. If it cannot, then the courts can deem such collection to be illegal in all but the most exceptional circumstances. With that judgement–and I very much doubt that any High Court would find it reasonable or permissible to engage in mass metadata collection without cause–intelligence agencies are put on notice and henceforth proceed with metadata collection and sharing at their peril.

In contrast to the attention directed at the issue of mass surveillance, there is a far more damaging side to Greenwald’s revelations. That is the issue of the GCSB and 5 Eyes espionage on other countries and international agencies such as the UN or non-governmental organisations as well as foreign corporations, financial institutions, regulatory bodies and the like. Such external espionage is part of traditional inter-state intelligence gathering, which includes economic, military and political-diplomatic information about targeted entities.

Judging from what has already been revealed by the Snowden leaks with regard to the external espionage activities of the other 5 Eyes partners, it is very likely that Greenwald will reveal that NZ, through the GCSB in concert with 5 Eyes, spies on friendly or allied states as well as hostile state and non-state actors such as North Korea and al-Qaeda. This may include trade or diplomatic partners. It could well include economic or commercial espionage.

The impact of such revelations will outweigh the repercussions of the domestic surveillance aspects of the Snowden leaks. With the nature and extent of NZ’s espionage made public, its reputation as an independent and autonomous “honest  broker” in international affairs will be shattered. Its pursuit of a UN Security Council seat could well go up in smoke. But above all, the response of the states that have been and are targeted by the GCSB will be negative and perhaps injurious to NZ’s national interests. The response can come in a variety of ways, and can be very damaging. It can be economic, diplomatic or military in nature. It could involve targeting of Kiwis living in in the states being spied on, or it could involve bans or boycotts of NZ exports. The range of retaliatory measures is broad.

Unlike the other 5 Eyes partners, NZ has no strategic leverage on the states that it spies on. It is not big, powerful or endowed with strategic export commodities that are essential for other countries’ growth. Yet it is utterly trade dependent. Because of that, it is far more vulnerable to retaliation than its larger counterparts, especially if it turns out that NZ spies on its trade partners.  Imagine what will happen if it is revealed that NZ and the other 5 Eyes partners spy on TPPA  members in order to secure advantage and coordinate their negotiating strategies (keeping in mind that Australia, Canada and the US are all TPPA parties). What if if NZ spies on China, its biggest trade partner, at the behest of the US, with whom China has an increasingly tense strategic rivalry? What if it spies on Japan, Malaysia, Chile, Iran, India, Russia or the UAE? What if it spies on the Pacific Islands Forum and other regional organisations? What if it spies on Huawei or some other foreign corporations? Again, the possible range of retaliatory options is only surpassed by the probability that they will be applied once NZ’s espionage activities are made public.

In light of this it behooves the government to make contingency plans for the inevitable fallout/backlash that is coming our way. I say “our” rather than “their” because the response of the aggrieved parties will likely have, be it directly or as a trickle-down effect, a negative impact on most all Kiwis rather than just this government.  But so far the government has indicated that it has no contingency plans in place and in fact has adopted a wait and see approach to what Greenwald will reveal.

If so, it will be too late to mitigate the negative external impact of his revelations. And if so, that is a sign of gross incompetence or negligence on the part of the PM and his cabinet because they have known for a long time what Snowden took with him regarding NZ (since the NSA shared the results of its forensic audit of the purloined NSA material once Snowden disappeared). It therefore had plenty of time to develop a plan of action whether or not Greenwald showed up to be part of Kim Dotcom’s “Moment of Truth” event.

All of which means that, if Greenwald delivers on his promises, New Zealand is in for a very rough ride over the next few months. That, much more so than Dotcom’s quest for revenge against John Key, is why tonight’s event could well be a signal moment in NZ history.

What is success for Internet MANA?

datePosted on 23:29, June 10th, 2014 by Lew

In the previous two posts I’ve covered the strategic rationales behind the Internet MANA alliance, and how, even if they spend their money very inefficiently, they are still very likely to gain a stronger presence in Parliament. But what does success actually look like for Internet MANA?

This is a complex question to answer because Internet MANA, for all its potential, is a mess of vanity projects existing in a state of ideological and pragmatic tension. But tensions all resolve sooner or later.

Kim Dotcom: Disruption (a change of government, or 10%)
Of all these vanity projects, Kim Dotcom’s is the greatest. It’s hard to imagine a guy who donated $50k to John Banks starting a cyber-utopian radical-left-aligned political vehicle for altruistic reasons, and it seems plain that he means to prevent, by any possible means, his extradition to the USA on copyright infringement and money-laundering charges. This is fair enough from his perspective — he can’t spend his pile in a US prison. NZ is a well-chosen target: a country with a small (therefore shallow, cheaply-manipulated) political system, but, unusually, also possessing a reasonably robust and independent judiciary.

To get his extradition case thrown out, Kim Dotcom needs to change the government, and prevail upon an incoming Minister of Justice that he and his party are great assets to that government.

The likelihood of this is slim, because he has already antagonised Labour, and because the leader of his own party has insisted she will not be led on the matter. Other members of the radical left groups aligned with the party are probably supportive of his ideological aim here, if only due to generalised anti-authoritarianism and anti-Americanism. And the other branch of Kim Dotcom’s game is fame, or notoriety, and if he can put his disruption engine in parliament, he will gain that, and it may provide him strategic cover for other manoeuvres regardless of who is in government.

The other way it could happen is if Internet MANA shocks everyone and polls very high — say, 10% — which would ruin almost everyone’s coalition plans. This is also extremely unlikely, but clearly it is Kim Dotcom’s hope, and it would be the purest sort of success for everyone involved.

Laila Harré: A launch (5%+) or a lifeboat (3%)
Her return to politics with the Greens last year was welcomed, and the conventional wisdom is that her appointment to lead the Internet Party was a strategic coup. I agree. But as I discussed in the first post, the deck is stacked in Te Mana’s favour. It is plausible, if the alliance performs poorly, that Harré would find herself marooned amid the wreckage of the Internet Party as its only MP, or even outside parliament, when the Internet MANA agreement expires six weeks after the election.

There’s a quirk here: Te Mana gets list places 1,3 and 4; Internet Party 2, 5 and 6, after which they alternate. So if they win five seats or fewer, Te Mana MPs will outnumber the Internet Party’s. If they win six or more seats, the numbers are more or less even. This provides a strong incentive for the Internet Party to perform, and also suggests shrewd negotiation by Te Mana.

In the event that the Internet Party bring Harré only into parliament (four seats or fewer), or if Kim Dotcom withdraws his cash and the party structure is no longer found to be self-sustaining, it seems very likely that Harré would join Te Mana formally. While her history in parties of this sort is its own guide, I suspect they would welcome her and it would be a fruitful arrangement: a win, of sorts, both for her and Te Mana.

The Internet Party: A future (7%)
The Internet Party doesn’t really exist. Kim Dotcom exists and Laila Harré exists, but without them it has no motive force. It could acquire such force by gaining a very substantial share of the party vote (7-8%, or 9-10 MPs), half of whom woulf be from the Internet Party, which could possibly — not probably — become self-sustaining. Without Laila Harré’s star power and Kim Dotcom’s money, this is a hard row for Vikram Kumar and the Candidate Idol contestants to hoe.

Te Mana and Hone Harawira: The only way is up
Te Mana’s case is easiest here: everything looks like a win for them. They have one MP facing a strong electorate challenge and polling under 1%, with no money, who is almost universally hated by the political mainstream. Even a mediocre performance of 2-3% would see Annette Sykes and possibly John Minto join Hone Harawira in parliament, which would make for some impressive fireworks. Even if the party then has to fend for itself, as Kim Dotcom’s largesse expires, or he is shipped off overseas, they have been granted a rare opportunity to galvanise the marginal electorate, and that’s better than under any other conceivable scenario.

The Left: It’s complicated
Given Labour’s current posture towards all parties that aren’t Labour, there is no way that Internet MANA benefits the left generally in the immediate term. Many commentators — Phil Quin has a good example at Pundit — have argued that the mere existence of Internet MANA could return John Key with a clean majority and the ability to have his way with Aotearoa in a glorious third term. I think this is pretty plausible. By no means does the left look like winning this election. But Labour has been underperforming for most of the past decade, and it might be that an injection of crazy disruptive ideas from a weird agglomeration of old leftwing radicals and young idealistic crypto-libertarians is what they need to shock them back to their senses.

There remains the slight possibility that they will bring enough MPs into parliament to make a chaotic and unholy alliance of the left a just slightly less-bad alternative to the Golden Age of John Key. As an aside: the better the Greens do, the better for Internet MANA post-election; and if nothing else they should hopefully form a strong ideological and generational counterpoint to New Zealand First, which I fear starts to fancy itself as the UKIP of the South Seas.

Aotearoa as a whole
I think New Zealand is better off having this argument than not. Much of what Internet MANA stands for has been unduly marginalised and is due consideration; especially the emergent aspects, such as with regard to modern standards of surveillance, the relationship and competing loyalties of the state to the citizenry and to its international community, and to the comparatively trivial matter of copyright. These debates feed into the notions of sovereignty and the primacy of people, rather than corporations and institutions, which mobilise Te Mana, and there are significant areas of ideological overlap, such as the flagship Internet Party policies of free tertiary education, withdrawal from the TPPA, severe constraints on the GCSB and other security and intelligence services, and — less popular with Hone Harawira than with his voters — the decriminalisation of marijuana. These are debates worth having, and we will be better off for having had them, whether the major parties want to or not.

L

Dismissing Skullduggery.

datePosted on 11:16, March 1st, 2014 by Pablo

The latest Snowden leaks reveal that the British signals intelligence outfit GCHQ held a top secret conference in 2012 where it briefed its Five Eyes partners on an array of cyber “dirty tricks” that could be used against opponents. These included a range of hacking techniques, to include denial of service overloads, false on-line identities, “spoofing,” manipulation and alteration of on-line data and even the tried and true method of luring targets into so-called “honey traps” via social media.

The operative terms in such operations are encapsulated in the Four “D’s:” deny, disrupt, degrade and deceive.

Needless to say, there was the usual hue and cry when the news went public. Civil libertarians are incensed. Privacy advocates are outraged.

My reaction was “so what?” This is typical counter-intelligence, disinformation and psychological operations (pysops) taken to a new technological level (there is a positive side to psyops, something that is most commonly associated with so-called “hearts and minds” campaigns, but that is not the objective here). Instead, this program replicates what hackers already do on a regular basis and parallels similar programs run by the signals intelligence services of many countries. The conference just drew together the various aspects and strands of cyber naughtiness into a package made available to the Five Eyes members. The presentation (as provided by journalist Glenn Greenwald) is here: https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/.

Needless to say, New Zealand’s signals organizations, the GCSB, as well as the SIS and perhaps other security/intelligence units such as those of the police, have been granted access to this program. Government denials of such are just another smokescreen designed to hide the full extent of what NZ spy agencies can (and) do.

I was interviewed on Radio Nw Zealand about this. I pretty much said what I have mentioned above and pointed out that the real damaging news is soon to come: revelations about who NZ spies on, which, if Snowden holds true to form, will include allies as well as trading partners and perhaps even the Chinese. The interview is here: http://www.radionz.co.nz/audio/player/2587171.

After my interview former GCSB director Bruce Ferguson was interviewed. What he said was remarkable. He claimed that he knew of no such programs and that as far as he knew the GCSB did not engage in illegal activities. He dismissed my views by saying that some people give too much credit to NZ spy agency capabilities. He also claimed that the Russians and Chinese engage in similar behavior.

Let’s deconstruct this. The “dirty tricks” conference was held in 2012 and Ferguson left the GCSB in 2009. Perhaps he was unaware of the conference and during his time no such “dirty tricks” programs were operated by the GCSB. During his tenure cyber espionage was not the priority focus that it is today, so perhaps that is true insofar as using hacking techniques on social media and other cyber targets is concerned.

He says that as far as he knows the GCSB has done nothing illegal. That flies in the face of the illegal spying on Kim Dotcom (even the government admits the tapping of Dotcom’s phones by the GCSB was in fact unlawful) and the revelations that the GCSB misled parliament in its most recent annual report as to the number of warrants and operations it was engaged in (which the government claims was a simple error rather a purposeful deception). This latest embarrassment occurs after the publication of the Kitteridge Report on GCSB failures and the appointment of a new director charged with addressing and correcting them (Kitteridge is now the director of the SIS).

So, contrary to Bruce Ferguson’s claims, the GCSB has committed at least a few illegal acts, but perhaps not during his tenure as director. I leave it for readers to make judgement on that.

Whatever the truth, I believe that we can safely assume that the GCSB employs aspects of the “dirty tricks” program against foreign and perhaps domestic targets (the SIS certainly does in the latter case). I see this as par for the course given the current state of Five Eyes signals intelligence collection. I am not particularly fussed by the revelations, perhaps because it is just a technological extension of what always has been the norm in the world of intelligence and espionage.

What I do believe, as I have said many times before, is that these latest revelations are just the tip of the iceberg when it comes to NZ intelligence operations, and that Snowden, via his circle of investigative journalists, will publish far more damaging information about the role and extent of GCSB spying in the months to come.

It is time for the NZ government, if not the NZ public, to come to grips with that fact and prepare accordingly, because my suspicion is that the repercussions will be damaging and not necessarily confined to the diplomatic arena.

 

1234PreviousNext